-rw-r--r--custodia.conf13
-rw-r--r--custodia/http/authenticators.py31
2 files changed, 40 insertions, 4 deletions
diff --git a/custodia.conf b/custodia.conf
index 78a0d26..296ab6d 100644
--- a/custodia.conf
+++ b/custodia.conf
@@ -1,10 +1,15 @@
[global]
server_version = "Secret/0.0.7"
-[auth:simple]
-handler = custodia.http.authenticators.SimpleCredsAuth
-uid = 48
-gid = 48
+#[auth:simple]
+#handler = custodia.http.authenticators.SimpleCredsAuth
+#uid = 48
+#gid = 48
+
+[auth:header]
+handler = custodia.http.authenticators.SimpleHeaderAuth
+name = REMOTE_USER
+value = simo
[/]
handler = custodia.root.Root
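Review bot: The new `[auth:header]` section sets `name = REMOTE_USER`, but `SimpleHeaderAuth.__init__` in this commit reads the header name from `self.config['header']`, so the `name` key appears never to be consulted. The section works only because the class default is also `REMOTE_USER`; the key should be `header = REMOTE_USER`, or the class should read `name`. This section also replaces the peer-credential check (`uid`/`gid`) with a match on a request header, so the file deserves a comment such as `# REMOTE_USER must be set by a trusted front end; do not expose this listener directly`.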
diff --git a/custodia/http/authenticators.py b/custodia/http/authenticators.py
index ad912c6..0a4d9c7 100644
--- a/custodia/http/authenticators.py
+++ b/custodia/http/authenticators.py
@@ -30,3 +30,34 @@ class SimpleCredsAuth(HTTPAuthenticator):
request['valid_user'] = True
else:
raise HTTPError(403)
+
+
+class SimpleHeaderAuth(HTTPAuthenticator):
+
+ def __init__(self, config=None):
+ super(SimpleHeaderAuth, self).__init__(config)
+ self.name = 'REMOTE_USER'
+ self.value = None
+ if 'header' in self.config:
+ self.name = self.config['header']
+ if 'value' in self.config:
+ self.value = self.config['value']
+
+ def handle(self, request):
+ if self.name not in request['headers']:
+ raise HTTPError(403)
+ value = request['headers'][self.name]
+ if self.value is None:
+ # Any value is accepted
+ pass
+ elif isinstance(self.value, str):
+ if value != self.value:
+ raise HTTPError(403)
+ elif isinstance(self.value, list):
+ if value not in self.value:
+ raise HTTPError(403)
+ else:
+ raise HTTPError(403)
+
+ request['valid_user'] = True
+ request['valid_header'] = value
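Review bot: `SimpleHeaderAuth.handle` sets `request['valid_user'] = True` based only on a request header, and when no `value` is configured (the `self.value is None` branch) any request that carries the header is accepted. Nothing visible in the hunk ties the header to a trusted source, so this is safe only if every request arrives through a front end that strips any client-supplied copy and sets the header itself. The class has no docstring; add one stating that deployment assumption, e.g. `"""Accept identity from a header set by a trusted proxy; the listener must not be reachable by clients that can set it."""`. Consider failing closed when `value` is unset, or at least logging at start-up that any value will be accepted. The `isinstance(self.value, list)` branch may be unreachable if config values always arrive as strings; that depends on the config loader, which is outside this hunk.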